Professional Documents
Culture Documents
Lab Automous AP
Lab Automous AP
CU HNH AUTONOMOUS AP
S :
Hnh 1.
M t:
Mt Access point ca mt cng ty cn phi thc hin ph sng wireless cho phng
khch ca cng ty y. Yu cu t ra l AP ny cn phi pht ra 02 SSID, mt cho khch
n thm v mt cho nhn vin ca cng ty. Khch n thm c th truy nhp wireless
vo mt VLAN dnh ring cho khch m khng cn phi xc thc thng qua SSID
Guest. Ngc li, nu mun truy nhp vo VLAN cho nhn vin cn phi truy nhp
thng qua SSID Staff v phi chu xc thc bng password secret_key mi c th
vo c VLAN dnh ring cho nhn vin ca cng ty.
Yu cu:
1. Cu hnh VLAN trn SW3560:
VLAN 1: gn subnet l 192.168.1.0/24.
VLAN 10: Guest; gn subnet l 192.168.10.0/24.
VLAN 20: Staff; gn subnet l 192.168.20.0/24.
2. Cu hnh Trunking Dot1Q gia SW v AP.
3. Cu hnh DHCP Server trn SW cp IP cho c hai VLAN ny.
4. Cu hnh cc thng s c bn cho AP. Dng PC kt ni vo cng f0/24 ca SW
truy nhp AP bng giao din web cu hnh cc SSID tng ng vi cc VLAN
10 v 20 theo nh yu cu nu ra trong phn m t trn.
1
Point
Thc hin:
Bc 1: Cu hnh cc VLAN trn SW3560, VLAN 10 dnh cho khch v VLAN 20
dnh cho nhn vin.
Switch(config)#vlan 10
Switch(config-vlan)#name Guest
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#name Staff
Switch(config-vlan)#exit
2
Point
Do :
-
Trong bi lab ny, ta s thc hin truy nhp Web vo AP bng a ch 192.168.1.1,
username v password s c i thnh cisco v vnpro. t c iu ny, ta thc
hin cu hnh c bn ban u cho Access Point:
- ng nhp vo AP qua cng Console. Nu cha cu hnh g c th enable password
mc nh l Cisco.
- t a ch IP cho AP trn cng BVI1 y chnh l a ch i din cho AP giao tip
vi bn ngoi:
ap(config)#interface BVI1
ap(config-if)#ip address 192.168.1.1 255.255.255.0
- To ti khon mi cho vic truy nhp Web: username cisco, password vnpro.
ap(config)#username cisco password vnpro
Bc 5: S dng mt PC truy nhp vo AP bng giao din Web (s dng trnh duyt
l Internet Explorer hoc Mozila FireFox).
Trong s lab hnh 1, PC cu hnh c kt ni vo VLAN 1. Cc thng tin cu hnh
Web vo AP cng thng qua VLAN 1 (VLAN qun l ca Switch). Ta thc hin t
a ch ca AP v ca PC l cc IP nm trong di IP cp cho VLAN 1 (di
192.168.1.0/24). y, ta t IP cho PC l 192.168.1.2/24.
3
Point
Hnh 2.
4
Point
Hnh 3.
Bc 6: Thc hin cu hnh cc SSID Guest v Staff
Chn phn EXPRESS SECURITY, ca s cu hnh cho phn ny hin ra (hnh 4):
5
Point
Hnh 4.
Ta to ra cc SSID theo yu cu:
-
To SSID Guest cho VLAN 10 (hnh 5). Sau khi nhp xong, nhn Apply
update cu hnh.
Hnh 5.
-
To SSID Staff cho VLAN 20 (hnh 6). Sau khi nhp xong, nhn Apply update
cu hnh.
6
Point
Hnh 6.
Lu :
-
Hnh 7.
Tip theo, ta vo ca s ca phn SECURITY (hnh 8):
7
Point
Hnh 8.
Chn mc SSID Manager, ca s cu hnh thuc tnh SSID s hin ra (hnh 9):
8
Point
Hnh 9.
Trong Current SSID List, ta chn SSID Guest tng ng vi VLAN10 (hnh 10):
Hnh 10.
Trong mc Interface ta chn Radio0-802.11G ghp SSID ny vo thu pht chun
G. Nu mun bt thm chun A th ta check thm vo Radio0-802.11A trong mc
Interface(hnh10).
9
Lab Autonomous Access Point
Hnh 11.
Tip theo, trong mc Multiple BSSID Beacon Settings , ta check vo Set SSID as
Guest Mode sau nhn Apply update cu hnh (hnh 12):
Hnh 12.
Thc hin tng t vi SSID Staff.
Bc 7: Cu hnh AP pht sng theo chun G.
- Vo mc NETWORK INTERFACES, cc thng s trn cc cng hin ra (hnh 12).
Ta thy: hin nay cc giao din Radio0-802.11G v Radio1-802.11A u cha c bt
ln (Disabled/Down).
10
Point
Hnh 13.
- T y, ta vo tip phn Radio0-802.11G. Trong phn ny, ta chn th SETTINGS
(hnh 14):
11
Point
Hnh 14.
Trong ca s ca th SETTINGS, ta chn Enable pht sng chun G (hnh 15):
Hnh 15.
12
Point
Hnh 16.
Ta cng c th chn knh pht sng (hinh 17):
Hnh 17.
13
Point
Sau khi thit lp xong, ta quay li ca s NETWORK INTERFACES kim tra (hnh
18):
Hnh 18.
Ch : Vic thit lp SSID, map VLAN, cu hnh guest mode (bc 6) phi c thc
hin trc khi thit lp thu pht Radio (bc 7), nu khng cc interface dot11G hoc
dot11A s khng th up ln c.
Bc 8: Kim tra li cc SSID c thit lp.
n y, ta c cc SSID c pht ra, cc user c th truy nhp vo c cc
VLAN thch hp. Ta kim tra li iu ny:
-
Hnh 19.
-
Hnh 20.
14
Point
Trn cc Wireless Client thc hin qut sng, ta s thy cc SSID c pht
ra , tuy nhin SSID Staff vn cha c xc thc (Unsecured wireless network)
(hnh 21):
Hnh 21.
Bc 9: Cu hnh password Pre-shared Key WPA 2 cho SSID Staff.
Trong mc SECURITY, chn tip mc Encryption manager (hnh 22):
Hnh 22.
15
Point
Hnh 23.
Tip theo, trong mc Encryption Modes, ta chn Cipher v thit lp cu hnh m
ha thch hp. Ta s dng chun bo mt WPA 2 cho SSID Staff th phng thc m
ha c chn phi l AES CCMP (hnh 24):
Hnh 24.
Nh ko thanh cun xung, chn Apply cp nht cu hnh.
Bc k tip, ta chuyn sang ca s SSID Manager ca mc SECURITY (hnh 25):
16
Point
Hnh 25.
Trong ca s ny, ta chn SSID Staff trong mc SSID Properties (hnh 26):
Hnh 26.
Ko thanh cun xung, ta thc hin chn cc thng s thch hp trong ca s Client
Authenticated Key Management (hnh 27):
Hnh 27.
Cui cng, ko thanh cun xung tip, trong mc Multiple BSSID Beacon Setting,
nhn Apply cp nht cu hnh (hnh 28):
Hnh 28.
17
Point
Hnh 29.
- Kim tra trn Client ta thy cc SSID Guest v Staff c pht ra, trong ,
Staff c ci xc thc WPA2 (hnh 30):
Hnh 30.
-
18
Point
Hnh 31.
19
Point
Hnh 32.
Ta phi nhp ng password l secret_key th client mi c th ng nhp c
vo mng v nhn c a ch IP thch hp (dnh cho VLAN 20). Kt qu ng
nhp c hin th trong hnh 33:
20
Point
21
Point